Datasheet

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 37
4. Security Anomaly Detection by examining flows that do not traverse trust boundaries for inside-the-perimeter attacks
5. Impacts of network and application changes
6. Compliance conformation
7. Traffic patterns for capacity planning
Enabling FNF at the access switch ensures that you capture all flows. The access switch is the most logical place
in the network for collecting statistics and monitoring all flows. With NetFlow, you can obtain the MAC address and
access port information associated with a flow and get directly to the source of the flow. Most collectors can
derive the location from the MAC address and interface port number that the access switch provides to the
collector. Thus, by enabling FNF at the access switch you also get the location information of the flow. The
access switch has a variety of identity mechanisms for user authentication, so adding user awareness is a
natural progression that can be developed. Access switches outnumber distribution and core switches by an order
of magnitude, which makes them scale well for FNF and ensures that there is no performance impact from
oversubscription at aggregation and core.
10GB-T Module
The new Cisco 10G Base-T module is hot-swappable and can operate at either 10GE or GE speed (with manual
configuration).
Table 5 shows the cable types and supported lengths of the new Cisco 10G Base-T module.
Table 5. 10GB-T Cable Types and Supported Lengths
Cable Type      Supported Length
Category 7a     100 meters
Category 7      100 meters
Category 6      55 meters
Category 6a*    100 meters
* Category 6a requires 3 dB insertion loss margin at 250 MHz.
MACsec
The Cisco Catalyst 3750-X and 3560-X Series Switches offer exceptional security with integrated hardware
support for MACsec, defined in IEEE 802.1AE. MACsec provides MAC-layer encryption over wired networks using
out-of-band methods for encryption keying. The MACsec Key Agreement (MKA) protocol provides the required
session keys and manages the keys required for encryption when configured. MKA and MACsec are implemented
following successful authentication using the 802.1X Extensible Authentication Protocol (EAP) framework. In Cisco
Catalyst 3750-X and 3560-X Series Switches, both the user/down-link ports (links between the switch and endpoint
devices such as a PC or IP phone) and, using the service module, the network/up-link ports can be secured using
MACsec. With the service module you can encrypt switch-to-switch links such as access to distribution, or encrypt
dark fiber links within a building or between buildings.